533 Rec'd PCT/PTO 09 JUN 2000



FORM PTO-1390 US DEPARTMENT OF COMMERCE 
REV. 5-93 PATENT AND TRADEMARK OFFICE 

TRANSMITTAL LETTER TO THE UNITED STATES 
DESIGNATED/ELECTED OFFICE (DO/EO/US) 
CONCERNING A FILING UNDER 35 U.S.C. 371 


ATTORNEY'S DOCKET NUMBER

P00.0622


U.S. APPLICATION NO. (if known, see 37 CFR 1.5)

09/581359


INTERNATIONAL APPLICATION NO. 
PCT/DE98/03545 


INTERNATIONAL FILING DATE 
02 DECEMBER 1998 


PRIORITY DATE CLAIMED 

18 DECEMBER 1997 



TITLE OF INVENTION 

METHOD AND COMMUNICATIONS SYSTEM FOR CIPHERING INFORMATION FOR A RADIO TRANSMISSION 
AND FOR AUTHENTICATING SUBSCRIBERS 



APPLICANT(S) FOR DO/EO/US 

CHRISTIAN MENZEL ET AL. 



Applicant herewith submits to the United States Designated/Elected Office (DO/EO/US) the following items and other information: 

This is a FIRST submission of items concerning a filing under 35 U.S.C. 371.
This is a SECOND or SUBSEQUENT submission of items concerning a filing under 35 U.S.C. 371.
This express request to begin national examination procedures (35 U.S.C. 371(f)) at any time rather than delay.
A proper Demand for International Preliminary Examination was made by the 19th month from the earliest claimed priority date.

A copy of International Application as filed (35 U.S.C. 371(c)(2)) - drawings attached.

a. [X] is transmitted herewith (required only if not transmitted by the International Bureau).

b. [ ] has been transmitted by the International Bureau.

c. [ ] is not required, as the application was filed in the United States Receiving Office (RO/US).
A translation of the International Application into English (35 U.S.C. 371(c)(2)) - drawings attached.

Amendments to the claims of the International Application under PCT Article 19 (35 U.S.C. 371(c)(3))

a. [ ] are transmitted herewith (required only if not transmitted by the International Bureau).

b. [ ] have been transmitted by the International Bureau.

c. [ ] have not been made; however, the time limit for making such amendments has NOT expired.

d. have not been made and will not be made. 

A translation of the amendments to the claims under PCT Article 19 (35 U.S.C. 371(c)(3)). 
An oath or declaration of the inventor(s) (35 U.S.C. 371(c)(4)). 

10. [ ] A translation of the annexes to the International Preliminary Examination Report under PCT Article 36 (35 U.S.C. 371(c)(5)).

Items 11. to 16. below concern other document(s) or information included:

11. [X] An Information Disclosure Statement under 37 C.F.R. 1.97 and 1.98 (PTO 1449, Prior Art, Search Report).

12. [X] An assignment document for recording. A separate cover sheet in compliance with 37 C.F.R. 3.28 and 3.31 is included. (SEE ATTACHED ENVELOPE)

13. [X] Amendment "A" Prior to Action.

[ ] A SECOND or SUBSEQUENT preliminary amendment.

14. [ ] A substitute specification.

15. [ ] A change of power of attorney and/or address letter.

16. [X] Other items or information:

a. [X] Submission of Informal Drawings - 2 sheets of drawings, Figures 1-3; and Request for Approval of Drawing Modifications, Figures 1-3.

b. [X] EXPRESS MAIL #EL 544622965US dated June 9, 2000.






17. [X] The following fees are submitted:

BASIC NATIONAL FEE (37 C.F.R. 1.492(a)(1)-(5)):

Search Report has been prepared by the EPO or JPO ... $840.00

International preliminary examination fee paid to USPTO (37 C.F.R. 1.482) ... $670.00

No international preliminary examination fee paid to USPTO (37 C.F.R. 1.482) but international search fee paid to USPTO (37 C.F.R. 1.445(a)(2)) ... $760.00



ENTER APPROPRIATE BASIC FEE AMOUNT =
CALCULATIONS | PTO USE ONLY



Surcharge of $130.00 for furnishing the oath or declaration later than [ ] 20 [X] 30 months from the earliest claimed priority date (37 C.F.R. 1.492(e)).



Number | Extra
Independent Claims
Multiple Dependent Claims
TOTAL OF ABOVE CALCULATIONS =
SUBTOTAL =



Processing fee of $130.00 for furnishing the English translation later than [ ] 20 [ ] 30 months from the earliest claimed priority date (37 CFR 1.492(f)). +



TOTAL NATIONAL FEE = 



Fee for recording the enclosed assignment (37 C.F.R. 1.21(h)). The assignment must be accompanied by an appropriate cover sheet (37 C.F.R. 3.28, 3.31). $40.00 per property



TOTAL FEES ENCLOSED = 



Amount to be refunded / charged

a. [X] A check in the amount of $840.00 to cover the above fees is enclosed.

b. [ ] Please charge my Deposit Account No. ____ in the amount of $____ to cover the above fees. A duplicate copy of this sheet is enclosed.

c. [X] The Commissioner is hereby authorized to charge any additional fees which may be required, or credit any overpayment to Deposit Account No. 08-2290. A duplicate copy of this sheet is enclosed.

NOTE: Where an appropriate time limit under 37 C.F.R. 1.494 or 1.495 has not been met, a petition to revive (37 C.F.R. 1.137(a) or (b)) must be filed and granted to restore the application to pending status.



SEND ALL CORRESPONDENCE TO: 

Hill & Simpson 
A Professional Corporation 
85th Floor Sears Tower 
Chicago, Illinois 60606 



SIGNATURE: [signed]
NAME: Steven H. Noll
Registration Number: 28,982



09/581359 

BOX PCT

IN THE UNITED STATES DESIGNATED/ELECTED OFFICE 
OF THE UNITED STATES PATENT AND TRADEMARK OFFICE 
UNDER THE PATENT COOPERATION TREATY-CHAPTER II 

APPLICANT(S): Christian Menzel et al. 

ATTORNEY DOCKET NO.: P00.0622

INTERNATIONAL APPLICATION NO: PCT/DE98/03545

INTERNATIONAL FILING DATE: 02 December 1998

INVENTION: "METHOD AND COMMUNICATIONS SYSTEM FOR CIPHERING INFORMATION FOR A RADIO TRANSMISSION AND FOR AUTHENTICATING SUBSCRIBERS"

Assistant Commissioner for Patents, 
Washington D.C. 20231 

AMENDMENT "A" PRIOR TO ACTION

Sir: 

Applicants herewith amend the above-referenced PCT application, and request entry of the Amendment prior to examination in the United States Examination Phase.

IN THE SPECIFICATION:

On page 1: 

cancel lines 1-4 and substitute the following therefor
--SPECIFICATION
TITLE
METHOD AND COMMUNICATIONS SYSTEM FOR CIPHERING INFORMATION FOR A RADIO TRANSMISSION AND FOR AUTHENTICATING SUBSCRIBERS
BACKGROUND OF THE INVENTION
Field of the Invention-- therefor;
above line 9, insert --Description of the Related Art--;

in line 9, cancel ", for example,";
in line 11, cancel and substitute therefor;
in line 12, cancel "connections" and substitute --Connections-- therefor;
in line 13, cancel "being capable of being" and substitute --can be-- therefor;
in line 14, cancel "said" and substitute --this-- therefor;
in line 17, cancel "The" and substitute --In this article, the-- therefor;
in line 18, cancel "thereby";
in line 19, cancel "means - also referred to as";
in line 20, cancel "or SIM card -" and substitute --(SIM) card-- therefor;
in lines 21-22, cancel "means - for example,";
in line 22, cancel "-";
in line 25, cancel "ensues" and substitute --takes place in a-- therefor, and after "related", insert --manner--;
in line 27, after "systems", insert --,--, and cancel ", for example,"; and
in line 29, cancel the first "the" and substitute --a-- therefor.

On page 2:

in line 1, cancel "is thereby" and substitute --in these systems is-- therefor;
in lines 3-4, cancel "etc., in contrast whereto" and substitute --. By contrast,-- therefor;
in line 11, cancel ", this" and substitute --. This is-- therefor, cancel "being", and cancel "in" and substitute --for-- therefor;
in line 12, after "given", insert --a--;
above line 14, insert --SUMMARY OF THE INVENTION--;
in lines 16-17, cancel "so that" and substitute --enabling-- therefor;
in line 17, cancel "derives";
cancel lines 18-21 and substitute the following therefor
--This object is inventively achieved by a method for encryption of information for a radio transmission and for authentication of subscribers in a communication system that comprises an access network having equipment for the radio transmission, the communication system further comprising at least one core network having a respective authentication equipment for the subscriber authentication, the method comprising the steps of allocating a radio channel for the transmission of the information via a radio interface from/to at least one base station of the access network, mutually transmitting public keys between a mobile station and the base station via the radio interface, encrypting subsequent information to be transmitted via the radio interface using one of the public keys received by the base station or the mobile station, deciphering encrypted information received by the mobile station or the base station on the basis of a private key that is allocated to the transmitted, public key in the mobile station or in the base station, and authenticating the core network via a subscriber identity mobile card of the mobile station, and authenticating the subscribers via the authentication equipment of the core network on the basis of encrypted information that have been mutually sent.

This object is also achieved by a communication system for encryption of information for a radio transmission and for authentication of subscribers, comprising an access network having equipment for the radio transmission as well as at least one core network, the core network having a respective authentication equipment for the subscriber authentication, the communication system utilizing a radio channel for transmission of the information via a radio interface from/to at least one base station of the access network, memory devices in a mobile station and in the base station for storing public keys and private keys that are allocated to the public keys, transmitters in the mobile station and in the base station for mutually sending the public keys via the radio interface, controllers in the mobile station and in the base station for encryption of the information to be subsequently sent via the radio interface upon employment of the public keys received by the base station or, respectively, the mobile station and for deciphering the received, encrypted information on the basis of the stored, appertaining private key, the mobile station comprising a subscriber identity mobile card for authenticating the core network, the core network comprising an authentication equipment for authenticating the subscribers; and the authenticating the core network and the authenticating the subscribers utilizing mutually transmitted, encrypted information.--

in lines 27-28, cancel ", respectively," and substitute --the-- therefor;
in line 30, cancel ", respectively," and substitute --the-- therefor; and
in line 32, cancel ", respectively,".

On page 3:

in line 2, cancel "means" and substitute --component/equipment-- therefor;
in line 3, cancel "the means" and substitute --a component/equipment-- therefor;
in line 7, cancel "ensue" and substitute --take place in a-- therefor;
in line 8, after both instances of "related", insert --manner--, and after "of", insert --a--;
in line 12, cancel the first "-" and substitute --(-- therefor, and cancel the second "-" and substitute --)-- therefor;
in line 13, cancel "," and substitute --(-- therefor, and after "authentication", insert --)--;
in line 16, cancel "this having not been" and substitute --which was not-- therefor;
in line 27, cancel "means" and substitute --device-- therefor; and
in line 30, cancel "means" and substitute --device-- therefor.



On page 4:

in lines 2-3, cancel ", that latter using this" and substitute --which uses this key-- therefor;
in line 22, cancel "means of the";
in line 25, cancel "ensues" and substitute --occurs-- therefor;
in lines 25-26, cancel ", this being capable of being" and substitute --which can be-- therefor;
in line 26, after "implemented", insert --,--, and cancel "given" and substitute --for-- therefor;
in line 28, cancel "means of the";
in line 30, cancel "means from the"; and
in line 31, cancel "the means of".

On page 5:

in line 2, cancel "network means" and substitute --core network-- therefor;
in line 3, cancel "network means" and substitute --core network-- therefor;
in line 6, cancel "means";
in line 9, cancel "see to" and substitute --implement-- therefor;
in line 13, cancel ", respectively,";
in line 16, cancel "means" and substitute --authentication mechanism-- therefor;
in line 17, cancel "control means" and substitute --controller-- therefor;
above line 20, insert --BRIEF DESCRIPTION OF THE DRAWINGS--;
cancel line 22;
in line 23, cancel "the" and substitute --is a-- therefor;
in line 26, cancel "the message" and substitute --is a message--, and after "flow", insert --diagram--;
in line 29, cancel "the message" and substitute --is a message--, and after "flow", insert --diagram--; and
in lines 30-31, cancel "a network means of".
On page 6:

above line 1, insert --DESCRIPTION OF THE PREFERRED EMBODIMENTS--;
in line 1, after "a", insert --universal network--;
in line 2, cancel ", for example,";
in line 6, cancel ", for example,";
in line 7, cancel "thereto - is thereby" and substitute --to it - is-- therefor;
in line 11, cancel ", for example,";
in line 16, cancel "means" and substitute --authentication equipment-- therefor; and
in line 28, cancel "thereby".



On page 7:

in line 3, after "have", insert --a--;
in line 4, cancel "means";
in line 5, cancel "transmission and reception means" and substitute --transmitter and receiver-- therefor;
in lines 6-7, cancel "transmission and reception means" and substitute --transmitter and receiver-- therefor;
in line 7, cancel the first "means", and cancel "transmission and reception means" and substitute --transmitter and receiver-- therefor;
in lines 8-9, cancel "control means" and substitute --controller-- therefor;
in line 9, cancel the "means" after "memory";
in lines 9-10, cancel "transmission and reception means" and substitute --transmitter and receiver-- therefor;
in lines 11-12, cancel "- station-related via the transmission and reception means MSE -";
in line 15, cancel the first "means" and cancel "control means" and substitute --controller-- therefor;
in line 19, cancel "means" and substitute --entity-- therefor, and after "i.e.", insert --,--;
in line 20, cancel "It" and substitute --The base station-- therefor;
in line 23, cancel the first "means", and cancel "control means" and substitute --controller-- therefor;
in line 25, cancel "these begin" and substitute --which are-- therefor;
cancel line 27 and substitute --station BS or its controller BST-- therefor;
in line 30, cancel "-" and substitute --,-- therefor; and
in line 31, cancel "-".

On page 8:

in line 4, cancel "[..]" and substitute --method-- therefor, and cancel "thereby" and substitute --thus-- therefor;
in line 5, cancel "of" and substitute --in-- therefor;
in line 9, cancel "transmission and reception means" and substitute --transmitter and receiver-- therefor;
in line 10, cancel ", said first public key PUK1-BS having" and substitute --which has-- therefor;
in line 11, cancel "being" and cancel "control means" and substitute --controller-- therefor;
in line 12, cancel "means";
in line 13, cancel "following", and after "information", insert --that follows it--;
in line 19, cancel "listen to this" and substitute --eavesdrop-- therefor;
in line 22, cancel "means" and substitute --subscriber identity mobile card-- therefor, and after "authentication", insert --,--;
in lines 22-23, cancel "controller means";
in line 25, cancel "means" and substitute --authentication equipment-- therefor;
in line 30, cancel "means" and substitute --entity-- therefor; and
in line 31, cancel "means" and substitute --entity-- therefor, and cancel "as".

On page 9:

in line 3, cancel "comprised thereof";
in line 5, before "signed", insert --and--;
in line 8, cancel "-" and substitute --,--;
in line 9, cancel "-";
in line 14, cancel "Further" and substitute --Furthermore-- therefor, and before "access", insert --the--;
in line 15, before "core", insert --the--;
in line 16, cancel "wherein" and substitute --in which-- therefor;
in line 20, cancel "The example" and substitute --This example-- therefor; and
in line 21, cancel "thereby limited thereto" and substitute --limited in-- therefor.

On page 10:

in line 10, before "third", insert --and--;
in line 11, cancel "not being" and substitute --are not-- therefor, and cancel "into";
in line 14, cancel "thereby";
in line 17, cancel "being" and substitute --and are-- therefor;
in line 18, cancel "thereof" and substitute --of it-- therefor;
in lines 20-21, cancel "-specific means" and substitute --identity mobile card-- therefor;
in lines 21-22, cancel "- on the basis of the subscriber-related SIM card -";
in line 22, cancel "means" and substitute --authentication equipment-- therefor;
in line 24, cancel "thereby ensues" and substitute --takes place in--, and after "encrypted", insert --format--;
in line 25, cancel "means" and substitute --authentication equipment-- therefor;
in line 29, cancel "means" and substitute --authentication equipment-- therefor;
in line 31, cancel "thereto"; and
in line 32, cancel "means" and substitute --authentication equipment-- therefor.


On page 11:

in line 1, cancel ", said means" and substitute --. The authentication equipment-- therefor, and cancel "implementing" and substitute --implements-- therefor;
in line 2, cancel "likewise" and substitute --in a likewise manner-- therefor;
in line 6, cancel "ensues" and substitute --takes place-- therefor;
in line 7, cancel "-specific means (SIN)" and substitute --identity mobile card (SIM)--;
in line 8, cancel "network means" and substitute --authentication equipment-- therefor;
in line 10, cancel "-" and substitute --,-- therefor;
in line 13, after "achieved", insert --.--;
in line 14, cancel "and access", and substitute --The access-- therefor, cancel the first "-" and substitute --(-- therefor, and cancel "- and" and substitute --) and the-- therefor;
in line 15, cancel the first "-" and substitute --(-- therefor, and cancel the second "-" and substitute --)-- therefor; and
below line 16, insert

--The above-described method and communication system are illustrative of the principles of the present invention. Numerous modifications and adaptations thereof will be readily apparent to those skilled in this art without departing from the spirit and scope of the present invention.--.

IN THE CLAIMS:

On page 12, line 1, replace "PATENT CLAIMS" with --WHAT IS CLAIMED IS:--



Please amend claims 1-15 as follows:

1. (Amended) A method [Method] for encryption of information for a radio transmission and for authentication of subscribers [(S1, S2)] in a communication system [(UNM),] that [-] comprises an access network [(ACN)] having equipment [(BS, BSC)] for said [the] radio transmission, said communication system further comprising a [as well as at least one] core network [(CON1, CON2)] having a respective authentication equipment [(AC, AC=)] for said [the] subscriber authentication, comprising the steps of

[- allocates] allocating a radio channel [(RCH)] for said [the] transmission of said [the] information via a radio interface [(AI)] from/to a [at least one] base station [(BS)] of said [the] access network; [(ACN), whereby]

[-] mutually transmitting public keys [(PUK1-MT, PUK-BS) are mutually transmitted] between a mobile station [(MT)] and said [the] base station [(BS)] via said [the] radio interface; [(AI),]

[-] encrypting subsequent information to be transmitted via said radio interface using one of said [the] public keys [key (PUK1-MT or, respectively, PUK-BS)] received by said [the] base station [(BS)] or [, respectively,] said mobile station; [(MT) is employed for encryption of the information to be subsequently transmitted via the radio interface (AI),]

[- the] deciphering encrypted information received by said [the] mobile station [(MT)] or [, respectively,] said base station [(BS) are deciphered] on the basis of a private key [(PRK1-MT, PRK1-BS)] that is allocated to said [the] transmitted, public key [(PUK1-MT, PUK-BS)] in said [the] mobile station [(MT)] or [, respectively,] in said [the] base station; and [(BS), and whereby]

[-] authenticating said core network via a subscriber identity mobile card [-specific means (SIN)] of said [the] mobile station [(MT) implements the authentication of the respective core network (CON1, CON2)], and authenticating said subscribers via said authentication equipment [the means (AC, AC=)] of said [the] core network [(CON1, CON2) implements the authentication of the subscriber (S1, S2)] on the basis of encrypted information that have been mutually sent.



2. (Amended) A method [Method] according to claim 1, further comprising the steps of [whereby]

[-] sending a first public key [(PUK1-MT) is first sent] from said [the] mobile station [(MT)] to said [the] base station; [(BS),]

encrypting [which employs it for the encryption of the] information to be sent to said [by the] mobile station [(MT)] using said first public key by said base station;

[- a] sending an other public key [(PUK-BS) is sent] from said [the] base station [(BS)] to said [the] mobile station; [(MT),]

encrypting [which employs it for the encryption of the] information to be sent to said [the] base station [(BS)] using said other public key by said mobile station; and [and, subsequently,]

[- the mobile station (MT) sends] sending a second public key [(PUK2-MT)] to said [the] base station [(BS)] by said mobile station subsequent to said step of sending said other public key from said base station.
3. (Amended) A method [Method] according to claim 2, further comprising the step of replacing said first [whereby the second] public key [(PUK2-MT) replaces the first] with said second public key [(PUK1-MT)] sent to said [the] base station [(BS)].

4. (Amended) A method [Method] according to claim 1, further comprising the steps of: [whereby

- the base station (BS) first sends a first public key (PUK1-BS) to the mobile station (MT) that employs for encryption of the information to be sent to the base station (BS);

- the mobile station (MT) sends a public key (PUK-MT) to the base station (BS) that employs for the encryption of the information to be sent to the mobile station (MT); and, subsequently,

- the base station (BS) sends a second public key (PUK2-BS) to the mobile station (MT).]

sending a first public key from said base station to said mobile station;

encrypting information to be sent to said base station using said first public key by said mobile station;

sending an other public key from said mobile station to said base station;

encrypting information to be sent to said mobile station using said other public key by said mobile station; and

sending a second public key to said mobile station by said base station subsequent to said step of sending said other public key from said mobile station.

5. (Amended) A method [Method] according to claim 4, further comprising the step of replacing said first [whereby the second] public key [(PUK2-BS) replaces the first] with said second public key [(PUK1-BS)] sent to said [the] base station [(BS)].
6. (Amended) A method [Method] according to claim 1, further comprising the steps of: [one of the preceding claims, whereby]

[- the mobile station (MT) sends] sending a subscriber identity [(SID)] of said [the] subscriber [(S1, S2)] and an authentication request [(aureq-mt)] by said mobile station to said [the] core network [(CON1, CON2)] in encrypted form; [, and]

returning, by said authenticating equipment [the means (AC, AC=)] of the core network, [(CON1, CON2) returns] an authentication reply [(aures-co)] in encrypted form; and

[- the] implementing, by said mobile station, [(MT) implements] an authentication procedure for checking an [the] identity of said [the] core network [(CON1, CON2)].

7. (Amended) A method [Method] according to claim 6, further comprising the steps of [whereby]

[- the means (AC, AC=) of the core network (CON1, CON2) sends] sending an authentication request [(aureq-co)] in addition to said [the] authentication reply (aures-co) in encrypted form by said authenticating equipment of said core network; [, and]

returning, by said [the] mobile station, [(MT) returns] an authentication reply [(aures-mt)] to said authenticating equipment of said core network [the means (AC)] in encrypted form; and

[- the means (AC, AC=) implements] checking said subscriber identity by an authentication procedure implemented by said authenticating equipment of said core network [for checking the subscriber identity (SID)].

8. (Amended) A method [Method] according to claim 1, further comprising the step of implementing said authentication procedure utilizing [one of the preceding claims, whereby] secret keys [(ki) are employed for the authentication procedure].
9. (Amended) A method [Method] according to claim 1, further comprising the steps of: [one of the preceding claims, whereby]

servicing, by said [the] access network [(ACN) services] at least two core networks [(CON1, CON2)] in parallel; and

registering and authenticating in different core networks, a subscriber [one or more subscribers (S1, S2)] that can use said [the] mobile station [(MT)] in parallel [are registered and authenticated in different core networks (CON1, CON2)].

10. (Amended) A method [Method] according to claim 1, further comprising the step of [one of the claims 1 through 8, whereby the]

servicing, by access network, [(ACN) services] a core network [(CON)] in which a plurality of subscribers [(S1, S2)] that can use said [the] mobile station [(MT)] in parallel are registered and authenticated.

11. (Amended) A method [Method] according to claim 1, wherein said [one of the preceding claims, whereby the] access network [(ACN)] and said [the] core network or multiple core networks [(CON1, CON2)] are administered by different network operators.

12. (Amended) A communication [Communication] system for encryption of information for a radio transmission and for authentication of subscribers [(S1, S2)], comprising:

[-] an access network [(ACN)] having equipment [(BS, BSC)] for said [the] radio transmission as well as a [at least one] core network [(CON1, CON2)]; said core network having a respective authentication equipment [means (AC, AC=)] for said [the] subscriber authentication, said communication system utilizing

[-] a radio channel [(RCH)] for transmission of said information [the intervention] via a radio interface [(AI)] from/to a [at least one] base station [(BS)] of the access network; [(ACN), and comprising]

[-] memory devices [(MSP, BSP)] in a mobile station [(MT)] and in said [the] base station [(BS)] for storing public keys [(PUK1-MT, PUK-BS)] and private keys [PRK1-BS, PRK1-BS [sic])] that are allocated to said [the] public keys [(PUK1-MT, PUK-BS)],

[- transmission devices (MSB, BSE)] transmitters in said [the] mobile station [(MT)] and in said [the] base station [(BS)] for mutually sending said [the] public keys [(PUK1-MT, PUK1-BS)] via said [the] radio interface; [(AI),]

[- control devices (MST, BST)] controllers in said [the] mobile station [(MT)] and in said [the] base station [(BS)] for encryption of said [the] information to be subsequently sent via said [the] radio interface [(AI)] upon employment of said [the] public keys [(PUK1-MT or, respectively, PUK-BS)] received by said [the] base station [(BS)] or, respectively, said mobile station [(MT)] and for deciphering [the] received, encrypted information on the basis of said [the] stored, appertaining private key [(PRK1-MT, PRK1-BS), and]

said mobile station comprising [-] a subscriber identity mobile card [-specific means (SIN) in the mobile station (MT) and a means (AC, AC=) in the respective core network (CON1, CON2)] for authenticating said [the implementation of the authentication of the] core network; [(CON1, CON2) as well as]

said core network comprising an authentication equipment for authenticating said [the authentication of the] subscribers; and [(S1, S2)]

said authenticating said core network and said authenticating said subscribers utilizing [on the basis of] mutually transmitted, encrypted information.

13. (Amended) A communication [Communication] system according to claim 12, wherein said [comprising an] access network [(ACN) to which] has at least two core networks [(CON1, CON2) are] connected in parallel for [the] registration and authentication of a subscriber [one or more subscribers (S1, S2)] that can use said [the] mobile station [(MT)] in parallel in different core network [(CON1, CON2)].

14. (Amended) A communication [Communication] system according to claim 12, wherein said [comprising an] access network [(ACN) to which] has a core network [(CON1) is] connected for [the] registration and authentication of a plurality of subscribers [(S1, S2)] that can use said [the] mobile station [(MT)] in parallel.

15. (Amended) A communication [Communication] system according to claim 12 [one of the preceding claims, comprising an] wherein said access network [(ACN)] and said core network or multiple core networks are administered by [one or more core networks (CON1, CON2) that exhibit] different network operators.
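The key exchange of claims 2-3 (PUK1-MT, then PUK-BS, then PUK2-MT replacing PUK1-MT) and the mutual authentication of claims 6-8 (aureq-mt/aures-co, aureq-co/aures-mt, checked with the secret key ki), modelled as an added Python example that is not the applicants' code. It assumes the first public key travels unencrypted and every later radio message is encrypted under the most recently received public key of the peer, uses a toy byte-wise RSA and HMAC-SHA256 as stand-ins for the algorithms the page leaves unspecified, and the subscriber identity and ki are constructed sample values:

```python
import hashlib
import hmac
import json
import secrets

# Toy textbook RSA on single bytes, constructed for this illustration only:
# tiny primes and no padding, so it models the key roles and is not a cipher.
def make_keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)           # (public key, private key)

def pk_encrypt(pub, data):
    e, n = pub
    return [pow(b, e, n) for b in data]

def pk_decrypt(priv, cipher):
    d, n = priv
    return bytes(pow(c, d, n) for c in cipher)

def auth_response(ki, challenge):
    # Assumption: the secret key ki of claim 8 keys an HMAC over the challenge in an
    # authentication request; the page names ki but does not fix the algorithm.
    return hmac.new(ki, challenge, hashlib.sha256).digest()

class MobileStation:
    """MT with its SIM: subscriber identity SID and secret key ki."""
    def __init__(self, sid, ki):
        self.sid, self.ki = sid, ki
        self.pub, self.priv = make_keypair(61, 53)    # PUK1-MT / PRK1-MT
        self.peer_pub = None                           # PUK-BS once received
        self.challenge = None                          # aureq-mt sent to the core network

    def send_first_key(self):                          # PUK1-MT goes over the air unencrypted
        return json.dumps(self.pub).encode()

    def receive_bs_key(self, cipher):                  # PUK-BS arrives encrypted under PUK1-MT
        self.peer_pub = tuple(json.loads(pk_decrypt(self.priv, cipher)))

    def send_second_key(self):                         # PUK2-MT replaces PUK1-MT, sent under PUK-BS
        self.pub, self.priv = make_keypair(107, 109)
        return pk_encrypt(self.peer_pub, json.dumps(self.pub).encode())

    def send_auth_request(self):                       # 8-byte aureq-mt followed by SID, encrypted
        self.challenge = secrets.token_bytes(8)
        return pk_encrypt(self.peer_pub, self.challenge + self.sid.encode())

    def handle_core_reply(self, cipher):
        """Verify aures-co (core network identity), then answer aureq-co with aures-mt."""
        plain = pk_decrypt(self.priv, cipher)
        aures_co, aureq_co = plain[:32], plain[32:40]
        if not hmac.compare_digest(aures_co, auth_response(self.ki, self.challenge)):
            raise ValueError("core network failed authentication")
        return pk_encrypt(self.peer_pub, auth_response(self.ki, aureq_co))

class BaseStation:
    """BS of the access network: radio-interface encryption ends here."""
    def __init__(self):
        self.pub, self.priv = make_keypair(89, 97)     # PUK-BS / PRK1-BS
        self.peer_pub = None                           # current public key of the MT

    def receive_first_key(self, raw):
        self.peer_pub = tuple(json.loads(raw))

    def send_own_key(self):                            # traffic to the MT now uses PUK1-MT
        return pk_encrypt(self.peer_pub, json.dumps(self.pub).encode())

    def receive_second_key(self, cipher):              # from here on PUK2-MT is used
        self.peer_pub = tuple(json.loads(pk_decrypt(self.priv, cipher)))

    def decrypt_uplink(self, cipher):                  # plaintext is handed on to the core network
        return pk_decrypt(self.priv, cipher)

    def encrypt_downlink(self, data):
        return pk_encrypt(self.peer_pub, data)

class AuthenticationCenter:
    """AC of the core network: registered subscribers and their secret keys ki."""
    def __init__(self, subscribers):
        self.subscribers = subscribers                 # {SID: ki}
        self.pending = {}                              # SID -> outstanding aureq-co

    def handle_auth_request(self, plain):
        """Answer aureq-mt with aures-co and append our own challenge aureq-co."""
        challenge, sid = plain[:8], plain[8:].decode()
        self.pending[sid] = secrets.token_bytes(8)
        return auth_response(self.subscribers[sid], challenge) + self.pending[sid], sid

    def check_subscriber(self, sid, aures_mt):
        expected = auth_response(self.subscribers[sid], self.pending.pop(sid))
        return hmac.compare_digest(aures_mt, expected)

def run_session(mt, bs, ac):
    """Key exchange of claims 2-3, then the mutual authentication of claims 6-7."""
    bs.receive_first_key(mt.send_first_key())
    mt.receive_bs_key(bs.send_own_key())
    bs.receive_second_key(mt.send_second_key())
    reply, sid = ac.handle_auth_request(bs.decrypt_uplink(mt.send_auth_request()))
    aures_mt = bs.decrypt_uplink(mt.handle_core_reply(bs.encrypt_downlink(reply)))
    return ac.check_subscriber(sid, aures_mt)
```

A SIM whose ki does not match the core network's record makes handle_core_reply raise, which is the mobile-side check of claim 6; the AC's check_subscriber is the network-side check of claim 7.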

IN THE ABSTRACT
On page 17:

cancel lines 2-3;
in line 9, cancel ", respectively,";
in line 10, cancel ", respectively,";
in line 13, cancel ", respectively,";
in line 15, cancel ", respectively,";
in line 16, cancel "mobile radio telephone-specific means (SIN)" and substitute --subscriber identity mobile card (SIM)-- therefor;
in line 18, cancel "a means" and substitute --authentication equipment-- therefor; and
cancel line 21.
The present Amendment revises the specification and claims to conform to United States patent practice, before examination of the present PCT application in the United States National Examination Phase. All of the changes are editorial and applicant believes no new matter is added thereby. The amendment of claims 1-15 is not intended to be a surrender of any of the subject matter of those claims.



Early examination on the merits is respectfully requested. 
SPECIFICATION

METHOD AND COMMUNICATIONS SYSTEM FOR CIPHERING INFORMATION FOR A RADIO TRANSMISSION AND FOR AUTHENTICATING OF SUBSCRIBERS



The invention is directed to a method for the encryption of information for a radio transmission and for authentication of subscribers in a communication system and is also directed to a corresponding communication system.

Communication systems such as, for example, the mobile radio telephone system according to the GSM standard (global system for mobile communication) use a radio interface for wireless information transmission, connections between mobile stations and base stations of a mobile radio telephone network being capable of being set up, released and maintained on said radio interface. A method and a system for encryption (ciphering) information for radio transmission and for subscriber authentication are known from the article "Safety First bei europaweiter Mobilkommunikation", telcom report 16 (1993), No. 6, pages 326 through 329. The mobile subscribers thereby identify themselves with respect to the mobile radio telephone network using a means - also referred to as subscriber identity mobile or SIM card - that is contained in the radio telephone subscriber station. At the network side, the mobile subscriber is registered in a means - for example, an authentication means (authentication center) - that respectively offers security parameters and security algorithms for the protection of the subscriber data of the mobile subscribers. The encryption of the information on the radio interface ensues subscriber-related and is directly coupled to the subscriber authentication.

In future communication systems such as, for example, a universal 
network (UMTS, universal mobile telecommunication system, or UPT, 
universal personal communication), there is a tendency to divide the 
infrastructure into an access network and one or more core networks. 
The area of the access network is thereby responsible for matters of the 
radio interface such as administration and allocation of the radio channels, 
channel encoding, encryption via the radio interface, etc., whereas the 
area of the core network is mainly responsible for matters of subscriber 
administration such as registration (subscription), authentication, 
selection of the access network, etc., as well as for offering services. An 
encryption of the information for the radio transmission independently of the 
core network is impossible in the current GSM system. Over and above this, 
a radio resource, for example the radio channel, is used exclusively for only 
one subscriber in the encryption, namely the subscriber that was 
authenticated at the moment; this is no longer adequate in future 
communication systems, particularly given simultaneous use of a mobile 
station by a plurality of subscribers (for example, with their SIM cards).

The invention is based on the object of specifying a method and a 
communication system that enables an encryption of the information at the 
radio interface independently of the nature and plurality of core networks, so 
that a functional separation of encryption and authentication results. 

This object is inventively achieved by the method comprising the 
features of patent claim 1 and by the communication system comprising the 
features of patent claim 12. Developments of the invention can be derived 
from the subclaims.

The subject matter of the invention proceeds from an encryption of the 
information for the radio transmission in an access network as well as from 
an authentication in at least one core network. Inventively, public keys are 
transmitted in alternation between a mobile station that can be used in 
parallel by a plurality of subscribers and the base station, being sent via the 
radio interface, and the public key received by the base station or, 
respectively, mobile station is employed for the encryption of the information 
to be subsequently transmitted via the radio interface. The encrypted 
information received by the mobile station or, respectively, base station can 
be deciphered on the basis of a private key that is allocated in the mobile 
station or, respectively, in the base station to the public key that was 



transmitted. Following the deciphering procedure, the authentication of the 
respective core network is implemented by a means of the mobile station, 
and the authentication of the subscriber is implemented by the means of the 
core network on the basis of the encrypted information transmitted in 
alternation. 

As a result of the mutual transmission of public keys between mobile 
station and base station, the encryption for the radio transmission can ensue 
mobile station-related instead of subscriber-related and, thus, can 
simultaneously ensue for a plurality of subscribers. There is a bidirectional, 
trusted relationship into which an "apparent" base station or an unauthorized 
base station cannot intervene. Another advantage is the functional 
separation of access network - responsible for encryption - and core 
network, responsible for authentication. The radio resource is multiply 
utilized for the encryption of a plurality of subscribers at the mobile station. 
The information required for the authentication procedure can already be 
transmitted encrypted, this having not been possible in the previous GSM 
system. Maximum security is achieved by the combination of the encryption 
with public/private keys at the mobile station level and the following 
authentication at the subscriber level. In particular, a plurality of core 
networks - potentially of different network types - can be connected in 
parallel to the access network due to the functional separation of access 
network and core network, and, in particular, a plurality of subscribers having 
different identities (SIM cards) can communicate simultaneously via a mobile 
station and in different core networks.

Because the public keys are transmitted mutually and more than once, no 
third party can subsequently sneak into the secure connection. The following 
authentication assures that the respective partner means of the connection - 
i.e., the base station from the point of view of the mobile station or, 
respectively, the mobile station from the point of view of the base station - 
is also in fact the means that it pretended to be at the beginning of the 
communication.



An advantageous development of the invention provides that the 
mobile station first sends a first public key to the base station, the latter 
using this key for the encryption of the information, and a public key is sent 
from the base station to the mobile station, which employs it for the encryption 
of the information. Subsequently, the mobile station sends a second public key 
to the base station. The involvement of an "apparent" base station or of an 
unauthorized base station in the connection is thus dependably prevented 
at the radio interface. The second key thereby preferably replaces the first 
key.

According to an alternative development of the invention, the base 
station first sends a first public key to the mobile station, which employs it for 
encryption of the information, and the mobile station sends a public key to 
the base station, which employs it for the encryption of the information. 
Subsequently, the base station sends a second public key to the mobile 
station. The involvement of the "apparent" base station or of the 
unauthorized base station in the connection is thus dependably prevented 
at the radio interface. The second key thereby preferably replaces the 
first key.

It is advantageous according to another development of the invention 
that the mobile station sends a subscriber identity of the subscriber and an 
authentication request to the core network in encrypted form and receives 
an authentication reply from the means of the core network in encrypted 
form. Subsequently, the mobile station implements an authentication 
procedure for checking the identity of the core network. A network 
authentication thus ensues at the side of the mobile station; given a plurality 
of core networks, it can be implemented individually for each core network, 
depending on where the subscriber is registered.

The means of the core network preferably sends an authentication 
request in addition to the authentication reply in encrypted fashion, and an 
authentication reply is sent back to the means from the mobile station in 
encrypted form. Subsequently, the means of the core network can 
implement an authentication procedure for checking the subscriber identity. 



This has the advantage that the request for checking the subscriber 
authentication can be co-transmitted with the reply of the network means to 
the network authentication and can be initiated by the network means 
immediately upon arrival of the reply. 

A communication system according to the invention comprises 
memory means in a mobile station that can be used in parallel by a plurality 
of subscribers and in the base station for storing public keys and the private 
keys that are allocated to the public keys. Transmission devices in the 
mobile station and in the base station see to the mutual transmission of the 
public keys via the radio interface. Control devices in the mobile station and 
in the base station are provided for the encryption of the information to be 
subsequently transmitted via the radio interface using the public key 
received from the base station or, respectively, mobile station and 
for deciphering the received, encrypted information on the basis of the 
stored, appertaining private key. Over and above this, the communication 
system comprises a subscriber-specific means in the mobile station and a 
control means in the respective core network for the implementation of the 
authentication of the core network as well as of the authentication of the 
subscribers on the basis of mutually transmitted, encrypted information.

The invention is explained in greater detail below on the basis of an 
exemplary embodiment with reference to the graphic illustration. 

Shown are: 

FIG. 1 the block circuit diagram of a communication system with an 
access network for the radio transmission and a plurality of 
core networks for the authentication; 

FIG. 2 the message flow for the encryption of the information at the 
radio interface between a mobile station and a base station of 
the access network; and 

FIG. 3 the message flow for the authentication of the subscribers and 
of the core networks between the mobile station and a network 
means of the respective core network.



The communication system shown in FIG. 1 is a communication system 
UNW - such as, for example, a universal UMTS or UPT network (universal 
mobile telecommunication system or universal personal telecommunication) 
- whose infrastructure is divided into an access network ACN and into one 
or more core networks CON1, CON2. The area of the access network ACN 
having devices of a radio sub-system - such as, for example, base stations 
BS and base station controllers BSC connected thereto - is thereby 
responsible for matters of the radio interface such as administration and 
allocation of radio channels, channel encoding, encryption via the radio 
interface, etc. The area of the core networks CON1, CON2 with network 
equipment - such as, for example, switching equipment MSC, MSC and 
authentication equipment AC, AC - is mainly responsible for matters of 
routing, of subscriber administration such as registration (subscription) of the 
subscribers S1, S2 as well as authentication, selection of the access 
network ACN, etc., and for offering services. The authentication procedures 
in the means AC, AC preferably use secret keys ki according to the known 
procedure of the GSM standard in order to implement the subscriber 
authentication for the subscriber S1 registered in the core network CON1 
and for the subscriber S2 registered in the core network CON2 in parallel 
and independently of the access network ACN.

In the present example, the switching equipment MSC, MSC in the 
core networks CON1 and CON2 are connected to the base station controller 
BSC of the access network ACN. The base station controller BSC enables 
the connection to at least one base station, to the base station BS in the 
present example. Such a base station BS is a radio station that is provided 
for coverage of a radio area - for example, of a radio cell - in order to set up, 
release and maintain connections from/to at least one mobile station MT that 
resides in its radio area via the radio interface AI. The information is thereby 
carried in a radio channel RCH allocated by the base station controller 
BSC. The connections can be outgoing connections as well as incoming 
connections. The mobile station MT in the present example is 
especially suited for simultaneous use by a plurality of subscribers S1 and 
S2 that are attached in parallel to an internal bus (not shown) on the basis 
of their subscriber-specific devices SIM (subscriber identity module), each 
having its own, separate subscriber identity.

The mobile station MT comprises a memory means MSP, a 
transmission and reception means MSE as well as control devices MST, 
MST' that are connected to the memory means MSP and transmission and 
reception means MSE. Likewise, the base station BS comprises a memory 
means BSP, a transmission and reception means BSE as well as a control 
means BST that is connected to the memory means BSP and transmission 
and reception means BSE. 

According to the invention, the mobile station MT - station-related, via 
the transmission and reception means MSE - sends a first public key PUK1-MT 
via the radio interface AI in parallel for all subscribers active at it and 
makes note of the appertaining private key PRK1-MT that is deposited in the 
memory means MSP or in the control means MST. The base station BS 
employs the received public key PUK1-MT for the encryption of the 
information to be subsequently sent via the radio interface AI. The 
deciphering of the information sent by the base station BS is thus only 
possible for the means that knows the appertaining private key, i.e. the 
mobile station MT with the key PRK1-MT. The base station BS in turn sends 
a public key PUK-BS in its reply in the opposite direction to the mobile 
station MT and makes note of the appertaining private key PRK1-BS. The 
memory means BSP or the control means BST stores the private key PRK1-BS. 
It is thus assured that information subsequently sent by the mobile 
station MT to the base station BS, encrypted using the public key PUK1-BS, 
can only in turn be deciphered by the base station BS or, respectively, the 
control means BST thereof.

In order to prevent an "apparent" base station or unauthorized base 
station from using the public key PUK1-MT communicated from the mobile 
station MT for sending correctly encrypted information - whether arbitrarily or 
intentionally -, the mobile station MT sends a second public key PUK2-MT 
(already encrypted) to the base station BS via the radio interface AI. This 
key PUK2-MT can only be read and employed by the correct base station BS 
with which a trusted relationship was initially set up on the mobile station 
level. The "apparent" base station or unauthorized base station is 
dependably suppressed in this [..]. The second public key PUK2-MT thereby 
replaces the previous, first public key PUK1-MT. The same is true of the 
other transmission direction when the mutual transmission of the keys was 
initiated by the base station BS.

The encryption procedure can likewise be initiated by the base station 
BS, so that the transmission and reception means BSE sends a first public 
key PUK1-BS to the mobile station MT, said first public key PUK1-BS having 
a private key PRK1-BS allocated to it and being stored in the control means 
BST or in the memory means BSP. The mobile station MT employs the 
arriving public key PUK1-BS for encryption of the following information and 
in turn sends a public key PUK-MT to the base station BS, which employs it for 
the encryption of the information in the opposite direction. Subsequently, 
the base station BS preferably sends a second public key PUK2-BS to the 
mobile station MT in order to be absolutely certain that an undesired base 
station does not mix itself into the encrypted information transmission via the 
radio channel or listen to this. The public as well as the private keys are 
composed, for example, of a numerical sequence or bit sequence.

Following the encryption procedure, the mobile station MT - 
preferably, the means SIM provided only for the authentication or a control 
means MST responsible in common for encryption and authentication - 
implements the authentication of the respective core network CON1, CON2, 
and the means AC, AC of the core network CON1, CON2 implements the 
authentication of the subscriber S1, S2 on the basis of mutually transmitted, 
encrypted information at the subscriber level (see FIG. 3). The bidirectional 
authentication is thus implemented independently of the access network 
ACN. The authentication appended to the encryption offers maximum 
security since it assures that the cooperating means of the connection is in 
fact the means that it identified itself as at the beginning of the 
communication. This prevents the overall communication on this connection 
from having been initiated by an "apparent" base station or unauthorized 
base station. Another advantage of the functional separation of encryption 
and authentication is that the subscriber identities and the 
information required for the authentication - for example, random number 
RAND, signed response SRES according to a GSM method - can already be 
transmitted encrypted via the radio interface AI. Authentication procedures 
deviating from GSM methods can also be employed for the authentication.

A plurality of core networks - the two core networks CON1, CON2 in 
the present example - even if of different network types, can be connected 
in parallel to the access network ACN. The subscribers S1, S2 simultaneously 
work with different SIM cards via the one mobile station MT in different core 
networks - in the two core networks CON1, CON2 in the present example - 
or, respectively, one or more subscribers S1, S2 work in a single core 
network, for example CON1. Further, the functional separation of access 
network ACN and core network CON1, CON2 also supports configurations 
wherein the access network ACN and the core network or networks CON1, 
CON2 are administered by different network operators.

In a schematic illustration, FIG. 2 shows the message flow for 
encryption of the information for the radio transmission between the mobile 
station MT and the base station BS of the access network. The example is 
thereby limited to the case in which the mutual exchange of the keys is 
initiated by the mobile station MT. The base station BS could likewise begin 
the exchange (also see the description for FIG. 1); the following message flow 
would then be executed in a corresponding way.

After the allocation of the radio channel RCH for a connection setup 
for communication, the mobile station MT starts the encryption in that it 
transmits the public key PUK1-MT in a message SEND and makes note of 
the appertaining private key PRK1-MT. The encrypted transmission of the 
information has thus begun at the radio interface. The base station BS uses 
the arriving key PUK1-MT for encrypted information transmission in the 
opposite direction, and in turn transmits the public key PUK-BS in the 
message SEND. It also makes note of the private key PRK1-BS belonging 
to the public key PUK-BS. The information transmitted in encrypted form - 
at least the public key PUK-BS in the present case - can only be deciphered 
by the mobile station MT with the assistance of the private key PRK1-MT 
that is only known to it. After the deciphering, the mobile station MT sends 
a second public key PUK2-MT to the base station BS in a further message 
SEND, this base station BS deciphering the arriving information - at least the 
second public key PUK2-MT in the present case - with the assistance of the 
private key PRK1-BS that is only known to it. The second public key PUK2-MT 
thereby replaces the previous, first public key PUK1-MT. A trusted 
relationship has thus been produced between the two devices, third parties 
not being capable of penetrating into this relationship.
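The FIG. 2 message flow as runnable Go, an example added here and not code from the application: the specification names no public-key algorithm, so X25519 key pairs with an ephemeral-agreement-plus-AES-GCM construction stand in for "encrypt using the received public key", and station, ExchangeKeys, Deliver and ImpostorRejected are this example's own names. The last function checks the property the text attributes to PUK2-MT: after the replacement, a message encrypted to PUK1-MT, the only key that crossed the radio interface in the clear, is no longer accepted by the mobile station.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must panics on error so that the message flow below stays readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// gcmFor derives AES-256-GCM from a raw X25519 shared secret (SHA-256 as a minimal KDF; an assumption here).
func gcmFor(shared []byte) cipher.AEAD {
	k := sha256.Sum256(shared)
	return must(cipher.NewGCM(must(aes.NewCipher(k[:]))))
}

// encryptTo encrypts for whoever holds the private key allocated to puk (ephemeral X25519
// agreement with puk keys AES-GCM). Wire layout: [ephemeral public key 32 | nonce 12 | ciphertext+tag].
func encryptTo(puk *ecdh.PublicKey, plaintext []byte) []byte {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	aead := gcmFor(must(eph.ECDH(puk)))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return aead.Seal(append(eph.PublicKey().Bytes(), nonce...), nonce, plaintext, nil)
}

// decryptWith reverses encryptTo. The GCM tag check fails unless prk is the private key
// allocated to the public key the sender encrypted to, the property the specification relies on.
func decryptWith(prk *ecdh.PrivateKey, msg []byte) ([]byte, error) {
	if len(msg) < 44 {
		return nil, fmt.Errorf("message too short: %d bytes", len(msg))
	}
	eph, err := ecdh.X25519().NewPublicKey(msg[:32])
	if err != nil {
		return nil, err
	}
	shared, err := prk.ECDH(eph)
	if err != nil {
		return nil, err
	}
	return gcmFor(shared).Open(nil, msg[32:44], msg[44:], nil)
}

// station models the memory means (MSP or BSP) of one side of the radio interface.
type station struct {
	PRK     *ecdh.PrivateKey // own private key: PRK1-MT, later PRK2-MT; or PRK1-BS
	PeerPUK *ecdh.PublicKey  // the other side's public key, used to encrypt towards it
}

// newKey generates a key pair; the new private key replaces the stored one.
func (s *station) newKey() *ecdh.PublicKey {
	s.PRK = must(ecdh.X25519().GenerateKey(rand.Reader))
	return s.PRK.PublicKey()
}

func (s *station) learnPeer(puk []byte) { s.PeerPUK = must(ecdh.X25519().NewPublicKey(puk)) }

// ExchangeKeys runs the FIG. 2 flow initiated by the mobile station and returns both
// stations in their final state plus PUK1-MT, the only key that crosses the air in the clear.
func ExchangeKeys() (mt, bs *station, puk1mt *ecdh.PublicKey) {
	mt, bs = &station{}, &station{}
	// SEND (clear): MT -> BS carries PUK1-MT; MT notes PRK1-MT.
	puk1mt = mt.newKey()
	bs.learnPeer(puk1mt.Bytes())
	// SEND: BS -> MT carries PUK-BS encrypted under PUK1-MT; BS notes PRK1-BS.
	pukBS := bs.newKey()
	mt.learnPeer(must(decryptWith(mt.PRK, encryptTo(bs.PeerPUK, pukBS.Bytes()))))
	// SEND: MT -> BS carries PUK2-MT encrypted under PUK-BS. PUK2-MT replaces
	// PUK1-MT at the BS, and PRK2-MT overwrites PRK1-MT in the MT's memory means.
	puk2mt := mt.newKey()
	bs.learnPeer(must(decryptWith(bs.PRK, encryptTo(mt.PeerPUK, puk2mt.Bytes()))))
	return mt, bs, puk1mt
}

// Deliver sends plaintext from one station to the other over the now encrypted channel.
func Deliver(from, to *station, plaintext []byte) ([]byte, error) {
	return decryptWith(to.PRK, encryptTo(from.PeerPUK, plaintext))
}

// ImpostorRejected shows the effect of the second key: a station that only captured
// PUK1-MT on the air encrypts to it, but the MT now deciphers with PRK2-MT and rejects it.
func ImpostorRejected(mt *station, puk1mt *ecdh.PublicKey) bool {
	_, err := decryptWith(mt.PRK, encryptTo(puk1mt, []byte("from an apparent BS")))
	return err != nil
}

func main() {
	mt, bs, puk1mt := ExchangeKeys()
	pt, err := Deliver(bs, mt, []byte("payload on RCH under PUK2-MT"))
	fmt.Printf("BS->MT: %q err=%v; impostor rejected: %v\n", pt, err, ImpostorRejected(mt, puk1mt))
}
```

On its own the exchange binds the channel to whichever base station answered first; as the specification states, it is the subsequent authentication of FIG. 3 that confirms the partner is the means it claimed to be.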

In a schematic illustration, FIG. 3 shows the message flow for 
authentication of the subscribers S1, S2 registered in different core networks 
and for authentication of the respective core network. Messages are thereby 
transmitted between the subscribers S1, S2 using the mobile station MT and 
the network equipment AC, AC (authentication center) of the respective core 
network, being transmitted transparently for the access network and the 
base station thereof.

First, the subscriber S1 or, respectively, the mobile station MT 
transmits an authentication request aureq-mt via the subscriber-specific 
means (SIM) for the subscriber and a subscriber identity SID - on the basis 
of the subscriber-related SIM card - in the message SEND to the means AC 
of the core network responsible for the subscriber S1. The transmission of 
the information thereby ensues encrypted. In the opposite direction, the 
means AC returns an authentication reply aures-co in the message SEND 
to the mobile station MT, which implements the authentication procedure - 
preferably with a secret key - for checking the authentication of the core 
network. With the authentication reply aures-co, an authentication request 
aureq-co is preferably simultaneously co-transmitted from the means AC of 
the core network in encrypted form and is received by the mobile station MT. 
In response thereto, the mobile station returns an authentication reply aures-mt 
in the message SEND to the means AC in encrypted form and subscriber-related, 
said means AC implementing the authentication procedure for 
checking the subscriber authentication - likewise, preferably, using 
secret keys. An authentication in only one direction - i.e., 
only for the subscribers or for the network - is also fundamentally possible.

The executive sequence for the authentication of the subscriber S2 
ensues in a corresponding way by exchanging messages SEND having the 
above contents between the corresponding, subscriber-specific means (SIN) 
of the mobile station MT and the network means AC of the other core 
network responsible for it. As a result of the combination of encryption at the 
radio interface from/to the access network - achieved on the basis of 
repeatedly exchanged public keys on the mobile station level - and the 
following authentication using secret keys on the subscriber level from/to the 
core network independently of the access network, maximum security is 
achieved, and access network - responsible for the encryption - and core 
network or networks - responsible for authentication - nonetheless remain 
functionally separate.
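The FIG. 3 exchange for one subscriber as an added Go example, not code from the application: HMAC-SHA256 truncated to 32 bits stands in for the GSM A3 algorithm the text refers to, aureq-mt and aureq-co are assumed to carry random challenges RAND, and Send, SIM, AC and Authenticate are this example's names. The FIG. 2 transport encryption is left out; the functions work on the message contents, which the text says pass transparently through the access network.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sres stands in for GSM A3 (an assumption here): a 32-bit signed response over a challenge under ki.
func sres(ki, challenge []byte) []byte {
	m := hmac.New(sha256.New, ki)
	m.Write(challenge)
	return m.Sum(nil)[:4]
}

func newRand() []byte {
	r := make([]byte, 16) // a fresh 128-bit challenge (RAND)
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	return r
}

// Send is the message of FIG. 3; unused fields stay nil. It travels inside the FIG. 2 encryption.
type Send struct {
	SID     string // subscriber identity
	AureqMT []byte // aureq-mt: RAND chosen by the SIM
	AuresCO []byte // aures-co: SRES of the core network over AureqMT
	AureqCO []byte // aureq-co: RAND chosen by the AC, co-transmitted with aures-co
	AuresMT []byte // aures-mt: SRES of the subscriber over AureqCO
}

// SIM is the subscriber-specific means in the mobile station MT; ki never leaves it.
type SIM struct {
	SID    string
	Ki     []byte
	randMT []byte // challenge of the last request, kept to check aures-co
}

// AC is the authentication means of one core network; it holds ki only for subscribers registered there.
type AC struct {
	Keys    map[string][]byte // SID -> ki
	pending map[string][]byte // SID -> RAND-co awaiting aures-mt
}

// Request builds the first SEND: SID and aureq-mt.
func (s *SIM) Request() Send {
	s.randMT = newRand()
	return Send{SID: s.SID, AureqMT: s.randMT}
}

// Reply answers aureq-mt with aures-co and co-transmits aureq-co.
func (ac *AC) Reply(m Send) (Send, error) {
	ki, ok := ac.Keys[m.SID]
	if !ok {
		return Send{}, fmt.Errorf("subscriber %s is not registered in this core network", m.SID)
	}
	if ac.pending == nil {
		ac.pending = map[string][]byte{}
	}
	ac.pending[m.SID] = newRand()
	return Send{SID: m.SID, AuresCO: sres(ki, m.AureqMT), AureqCO: ac.pending[m.SID]}, nil
}

// Verify is the network authentication at the MT: it checks aures-co and only then answers aureq-co.
func (s *SIM) Verify(m Send) (Send, error) {
	if !hmac.Equal(m.AuresCO, sres(s.Ki, s.randMT)) {
		return Send{}, fmt.Errorf("core network failed authentication for %s", s.SID)
	}
	return Send{SID: s.SID, AuresMT: sres(s.Ki, m.AureqCO)}, nil
}

// Check is the subscriber authentication at the core network.
func (ac *AC) Check(m Send) error {
	randCO, ok := ac.pending[m.SID]
	if !ok || !hmac.Equal(m.AuresMT, sres(ac.Keys[m.SID], randCO)) {
		return fmt.Errorf("subscriber %s failed authentication", m.SID)
	}
	delete(ac.pending, m.SID) // a challenge is answered once
	return nil
}

// Authenticate runs the complete FIG. 3 exchange for one subscriber.
func Authenticate(s *SIM, ac *AC) error {
	reply, err := ac.Reply(s.Request())
	if err != nil {
		return err
	}
	resp, err := s.Verify(reply)
	if err != nil {
		return err
	}
	return ac.Check(resp)
}

func main() {
	ki := newRand() // constructed secret key of subscriber S1, shared with CON1 only
	con1 := &AC{Keys: map[string][]byte{"S1": ki}}
	fmt.Println("S1 at CON1:", Authenticate(&SIM{SID: "S1", Ki: ki}, con1))
}
```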




PATENT CLAIMS 

1. Method for encryption of information for a radio transmission 
and for authentication of subscribers (S1, S2) in a communication system 
(UNM), that 

comprises an access network (ACN) having equipment (BS, BSC) for 
the radio transmission as well as at least one core network (CON1, 
CON2) having a respective equipment (AC, AC) for the subscriber 
authentication, 

allocates a radio channel (RCH) for the transmission of the 
information via a radio interface (AI) from/to at least one base station 
(BS) of the access network (ACN), 
whereby 

- public keys (PUK1-MT, PUK-BS) are mutually transmitted between a 
mobile station (MT) and the base station (BS) via the radio interface (AI), 

- the public key (PUK1-MT or, respectively, PUK-BS) received by the base 
station (BS) or, respectively, mobile station (MT) is employed for encryption 
of the information to be subsequently transmitted via the radio interface (AI), 

- the encrypted information received by the mobile station (MT) or, 
respectively, base station (BS) is deciphered on the basis of a private key 
(PRK1-MT, PRK1-BS) that is allocated to the transmitted public key (PUK1-MT, 
PUK-BS) in the mobile station (MT) or, respectively, in the base station 
(BS), and whereby 

- a subscriber-specific means (SIN) of the mobile station (MT) implements 
the authentication of the respective core network (CON1, CON2), and the 
means (AC, AC) of the core network (CON1, CON2) implements the 
authentication of the subscriber (S1, S2) on the basis of encrypted 
information that has been mutually sent.
2. Method according to claim 1, whereby 

- a first public key (PUK1-MT) is first sent from the mobile station (MT) to 
the base station (BS), which employs it for the encryption of the information 
to be sent by the mobile station (MT); 

- a public key (PUK-BS) is sent from the base station (BS) to the mobile 
station (MT), which employs it for the encryption of the information to be sent 
to the base station (BS); and, subsequently, 

- the mobile station (MT) sends a second public key (PUK2-MT) to the base 
station (BS). 

3. Method according to claim 2, whereby the second public key 
(PUK2-MT) replaces the first key (PUK1-MT) sent to the base station (BS). 

4. Method according to claim 1, whereby 

- the base station (BS) first sends a first public key (PUK1-BS) to the mobile 
station (MT), which employs it for encryption of the information to be sent to the 
base station (BS); 

- the mobile station (MT) sends a public key (PUK-MT) to the base station 
(BS), which employs it for the encryption of the information to be sent to the 
mobile station (MT); and, subsequently, 

- the base station (BS) sends a second public key (PUK2-BS) to the mobile 
station (MT). 

5. Method according to claim 4, whereby the second public key 
(PUK2-BS) replaces the first key (PUK1-BS) sent to the base station (BS).
6. Method according to one of the preceding claims, whereby 

- the mobile station (MT) sends a subscriber identity (SID) of the subscriber 
(S1, S2) and an authentication request (aureq-mt) to the core network 
(CON1, CON2) in encrypted form, and the means (AC, AC) of the core 
network (CON1, CON2) returns an authentication reply (aures-co) in 
encrypted form; 

- the mobile station (MT) implements an authentication procedure for 
checking the identity of the core network (CON1, CON2). 

7. Method according to claim 6, whereby 

- the means (AC, AC) of the core network (CON1, CON2) sends an 
authentication request (aureq-co) in addition to the authentication reply 
(aures-co) in encrypted form, and the mobile station (MT) returns an 
authentication reply (aures-mt) to the means (AC) in encrypted form; 

- the means (AC, AC) implements an authentication procedure for checking 
the subscriber identity (SID). 

8. Method according to one of the preceding claims, whereby 
secret keys (ki) are employed for the authentication procedure. 

9. Method according to one of the preceding claims, whereby the 
access network (ACN) services at least two core networks (CON1, CON2) 
in parallel and one or more subscribers (S1, S2) that can use the mobile 
station (MT) in parallel are registered and authenticated in different core 
networks (CON1, CON2). 

10. Method according to one of the claims 1 through 8, whereby 
the access network (ACN) services a core network (CON) in which a plurality 
of subscribers (S1, S2) that can use the mobile station (MT) in parallel are 
registered and authenticated.
11. Method according to one of the preceding claims, whereby the 
access network (ACN) and the core network or networks (CON1, CON2) are 
administered by different network operators.

12. Communication system for encryption of information for a radio 
transmission and for authentication of subscribers (S1, S2), comprising 

an access network (ACN) having equipment (BS, BSC) for the radio 
transmission as well as at least one core network (CON1, CON2) 
having a respective means (AC, AC) for the subscriber 
authentication, 

a radio channel (RCH) for transmission of the information via a radio 
interface (AI) from/to at least one base station (BS) of the access 
network (ACN), 
and comprising 

- memory devices (MSP, BSP) in a mobile station (MT) and in the base 
station (BS) for storing public keys (PUK1-MT, PUK-BS) and private keys 
(PRK1-BS, PRK1-BS [sic]) that are allocated to the public keys (PUK1-MT, 
PUK-BS), 

- transmission devices (MSE, BSE) in the mobile station (MT) and in the 
base station (BS) for mutually sending the public keys (PUK1-MT, PUK1-BS) 
via the radio interface (AI), 

- control devices (MST, BST) in the mobile station (MT) and in the base 
station (BS) for encryption of the information to be subsequently sent via the 
radio interface (AI) upon employment of the public keys (PUK1-MT or, 
respectively, PUK-BS) received by the base station (BS) or, respectively, 
mobile station (MT) and for deciphering the received, encrypted information 
on the basis of the stored, appertaining private key (PRK1-MT, PRK1-BS), 
and comprising
- a subscriber-specific means (SIN) in the mobile station (MT) and a means 
(AC, AC) in the respective core network (CON1, CON2) for the 
implementation of the authentication of the core network (CON1, CON2) as 
well as for the authentication of the subscribers (S1, S2) on the basis of 
mutually transmitted, encrypted information. 

13. Communication system according to claim 12, comprising an 
access network (ACN) to which at least two core networks (CON1, CON2) 
are connected in parallel for the registration and authentication of one or 
more subscribers (S1, S2) that can use the mobile station (MT) in parallel in 
different core networks (CON1, CON2). 

14. Communication system according to claim 12, comprising an 
access network (ACN) to which a core network (CON1) is connected for the 
registration and authentication of a plurality of subscribers (S1, S2) that can 
use the mobile station (MT) in parallel. 

15. Communication system according to one of the preceding 
claims, comprising an access network (ACN) and one or more core networks 
(CON1, CON2) that exhibit different network operators.
ABSTRACT 

Method and Communications System for Ciphering Information for a Radio 
Transmission and for Authenticating of Subscribers 

The subject matter of the invention proceeds from an encryption of the 
information for the radio transmission in an access network (ACN) as well as 
an authentication in at least one core network (CON1, CON2). Inventively, 
public keys (PUK1-MT, PUK-BS) are mutually transmitted between a mobile 
station (MT) and the base station (BS) via the radio interface (AI), and the 
public key (PUK1-MT or, respectively, PUK-BS) received by the base station 
(BS) or, respectively, mobile station (MT) is employed for the encryption of 
the information to be subsequently sent via the radio interface. On the basis 
of a private key (PRK1-MT, PRK1-BS) that is allocated to the transmitted 
public key (PUK1-MT, PUK-BS) in the mobile station (MT) or, respectively, 
in the base station (BS), the encrypted information received by the mobile 
station or, respectively, base station can be deciphered. Following the 
encryption procedure, a mobile radio telephone-specific means (SIN) of the 
mobile station implements the authentication of the respective core network 
(CON1, CON2), and a means (AC, AC) of the core network implements the 
authentication of the subscriber on the basis of the mutually transmitted, 
encrypted information.
Declaration and Power of Attorney For Patent Application 
Erklärung für Patentanmeldungen mit Vollmacht 

German Language Declaration 

As the inventor named below, I hereby declare in lieu of oath: 

that my residence, my postal address and my citizenship correspond to the 
particulars given below next to my name, 

that I am, to the best of my knowledge, the original, first and sole inventor 
(if only one name is given below) or an original, first and joint inventor 
(if several names are given below) of the subject matter for which this 
application is made and for which a patent is sought for the invention 
entitled: 

Verfahren und Kommunikationssystem zur Verschlüsselung von Informationen 
für eine Funkübertragung und zur Authentifikation von Teilnehmern 
(Method and communication system for encrypting information for a radio 
transmission and for authenticating subscribers) 

the specification of which 

(check the applicable box) 
[X] is attached hereto. 
□ was filed on _ as PCT international application, PCT application 
number _, and was amended on _ (if actually amended).



As a below named inventor, I hereby declare that:

My residence, post office address and citizenship are as stated below next to my name.

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled

Method and Communications System for Ciphering Information for a Radio Transmission and for Authenticating Subscribers

the specification of which

(check one)

[X] is attached hereto

□ was filed on

PCT international application

PCT Application No.

and was amended on


I hereby confirm that I have reviewed and understand the contents of the above patent application, including the claims, as amended by any supplementary application referred to above.

I acknowledge the duty to disclose any information which is material to the examination of this application in accordance with Title 37, Code of Federal Regulations, §1.56(a).

I hereby claim foreign priority benefits under Title 35, United States Code, §119 of all foreign applications for a patent or inventor's certificate listed below, and have also identified below all foreign applications for a patent or inventor's certificate having a filing date before that of the application on which priority is claimed.



I hereby state that I have reviewed and understand the contents of the above identified specification, including the claims as amended by any amendment referred to above.

I acknowledge the duty to disclose information which is material to the examination of this application in accordance with Title 37, Code of Federal Regulations, §1.56(a).

I hereby claim foreign priority benefits under Title 35, United States Code, §119 of any foreign application(s) for patent or inventor's certificate listed below and have also identified below any foreign application for patent or inventor's certificate having a filing date before that of the application on which priority is claimed:
Patent and Trademark Office - U.S. DEPARTMENT OF COMMERCE

Prior foreign applications / Priority claimed

(Number)        (Country)    (Day Month Year Filed)    Priority claimed
97 56 587.5     Germany      18 December 1997          [X] Yes
                                                       □ Yes
                                                       □ Yes



I hereby claim the benefit under Title 35, United States Code, §120 of all applications listed below and, insofar as the subject matter of each claim of this application is not disclosed in a prior United States patent application in the manner provided by the first paragraph of Title 35, United States Code, §122, I acknowledge, in accordance with Title 37, Code of Federal Regulations, §1.56(a), the duty to disclose information which became known between the filing date of the prior application and the national or PCT international filing date of this application.



I hereby claim the benefit under Title 35, United States Code, §120 of any United States application(s) listed below and, insofar as the subject matter of each of the claims of this application is not disclosed in the prior United States application in the manner provided by the first paragraph of Title 35, United States Code, §122, I acknowledge the duty to disclose material information as defined in Title 37, Code of Federal Regulations, §1.56(a) which occurred between the filing date of the prior application and the national or PCT international filing date of this application.



(Status) (patented, pending, abandoned)

(Status) (patented, pending, abandoned)



I hereby declare that all statements made by me in this declaration are, to the best of my knowledge and belief, entirely true, and that I make this declaration in lieu of oath in the knowledge that knowingly and wilfully false statements are punishable by fine and/or imprisonment under Section 1001 of Title 18 of the United States Code, and that such knowingly and wilfully false statements may jeopardize the validity of this patent application or of any patent issued thereon.

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief are believed to be true, and further that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the application or any patent issued thereon.
POWER OF ATTORNEY: As the named inventor, I hereby appoint the patent attorney(s) and/or patent agent(s) named below to prosecute this patent application and to transact all business connected therewith in the Patent and Trademark Office: (list name and registration number)



And I hereby appoint 

Messrs John D Simpson (Registration No. 1 fi , «42) Lewis T. Steadman tlLG2,4). William C. Stueber (3453) . P. Phillips Connor (ia^SSi, Dennis A. Gross 
f24.4im. Marvin Moody (1^49), Steven H. Noli QSMZ), Brett A. Valiquet.(2Z^, Thomas 1. Ross Kevin W Guynn (2a£22i, ^^dward /JL Lehmann 

22312 James D. Hoba?r(24,149). Robert M. Barrett .(^n, 142), James Van Santen (16.584), J. AffHUTGross (13,615). Richard J. SchWBrzMZAZ^^nd 
fiMmTA. RobinsonJ3LSI0). Pavid R . Metzger John R. Garrett (27.888) a ll members of the firm of Hill, Steadman & Simpson, A Professional Corpo- 



POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorney(s) and/or agent(s) to prosecute this application and transact all business in the Patent and Trademark Office connected therewith. (list name and registration number)



Direct Telephone Calls to: (name and telephone number)

312/876-0200



Send Correspondence to:

HILL, STEADMAN & SIMPSON
A Professional Corporation
85th Floor Sears Tower, Chicago, Illinois 60606



Full name of sole or first inventor:

MENZEL, Christian

Inventor's signature / Date

Residence

D-82216 Maisach, Germany

Citizenship

Bundesrepublik Deutschland

Post Office Address

Edelweidstr. 36
D-82216 Maisach
Bundesrepublik Deutschland




Full name of second joint inventor, if any:

HAFERBECK, Ralf

Second Inventor's signature / Date

Residence

D-85716 Unterschleißheim, Germany

Citizenship

Bundesrepublik Deutschland

Post Office Address

St.-Benedikt-Str. 5
D-85716 Unterschleißheim
Bundesrepublik Deutschland





(Please supply the corresponding information and signatures for third and subsequent joint inventors.)